Microsoft Access Remote Code Execution Vulnerability
CVE-2024-49142

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 12 December 2024

Summary

The vulnerability in Microsoft Access allows for remote code execution, enabling an attacker to execute arbitrary code on the user's system. This security flaw can be exploited when a user opens a specially crafted Access file. Successful exploitation can result in unauthorized access to sensitive data and control over the affected system. It is crucial for users to apply patches and security updates as provided by Microsoft to mitigate risks associated with this vulnerability. Ensuring that appropriate security protocols are in place and regularly updated can help safeguard against such attacks.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5478.1004

Microsoft Access 2016 (64-bit edition) Unknown 16.0.0 < 16.0.5478.1004

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2024
Vulnerability Reserved
Oct 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed